{"id":"https://openalex.org/W7133332713","doi":"https://doi.org/10.48550/arxiv.2603.01297","title":"I Can't Believe It's Not Robust: Catastrophic Collapse of Safety Classifiers under Embedding Drift","display_name":"I Can't Believe It's Not Robust: Catastrophic Collapse of Safety Classifiers under Embedding Drift","publication_year":2026,"publication_date":"2026-03-01","ids":{"openalex":"https://openalex.org/W7133332713","doi":"https://doi.org/10.48550/arxiv.2603.01297"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.01297","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.01297","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.01297","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5128034384","display_name":"Subramanyam Sahoo","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Sahoo, Subramanyam","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122946330","display_name":"Vinija Jain","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jain, Vinija","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5127901258","display_name":"Divya Chaudhary","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chaudhary, Divya","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5127872996","display_name":"Aman Chadha","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chadha, Aman","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5128034384"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9503999948501587,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9503999948501587,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.011599999852478504,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.00430000014603138,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fragility","display_name":"Fragility","score":0.7260000109672546},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.603600025177002},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.5996000170707703},{"id":"https://openalex.org/keywords/stability","display_name":"Stability (learning theory)","score":0.4666999876499176},{"id":"https://openalex.org/keywords/catastrophic-failure","display_name":"Catastrophic failure","score":0.4307999908924103},{"id":"https://openalex.org/keywords/representation","display_name":"Representation (politics)","score":0.415800005197525}],"concepts":[{"id":"https://openalex.org/C80191262","wikidata":"https://www.wikidata.org/wiki/Q5477668","display_name":"Fragility","level":2,"score":0.7260000109672546},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.603600025177002},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.5996000170707703},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5666999816894531},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4771000146865845},{"id":"https://openalex.org/C112972136","wikidata":"https://www.wikidata.org/wiki/Q7595718","display_name":"Stability (learning theory)","level":2,"score":0.4666999876499176},{"id":"https://openalex.org/C112987892","wikidata":"https://www.wikidata.org/wiki/Q5051574","display_name":"Catastrophic failure","level":2,"score":0.4307999908924103},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.415800005197525},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.3549000024795532},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.34850001335144043},{"id":"https://openalex.org/C42058472","wikidata":"https://www.wikidata.org/wiki/Q810214","display_name":"Base (topology)","level":2,"score":0.3418000042438507},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3174000084400177},{"id":"https://openalex.org/C60777511","wikidata":"https://www.wikidata.org/wiki/Q3045002","display_name":"Concept drift","level":3,"score":0.3021000027656555},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.27320000529289246},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.26019999384880066},{"id":"https://openalex.org/C47446073","wikidata":"https://www.wikidata.org/wiki/Q5165890","display_name":"Control theory (sociology)","level":3,"score":0.25690001249313354},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2524000108242035}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.01297","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.01297","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.01297","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.01297","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Instruction":[0],"tuned":[1],"reasoning":[2],"models":[3,78],"are":[4],"increasingly":[5],"deployed":[6],"with":[7,67],"safety":[8,103,110],"classifiers":[9],"trained":[10],"on":[11,40],"frozen":[12],"embeddings,":[13],"assuming":[14],"representation":[15],"stability":[16],"across":[17,113],"model":[18,114],"updates.":[19],"We":[20,73],"systematically":[21],"investigate":[22],"this":[23],"assumption":[24,108],"and":[25,105],"find":[26],"it":[27],"fails:":[28],"normalized":[29],"perturbations":[30],"of":[31,64],"magnitude":[32],"$\u03c3=0.02$":[33],"(corresponding":[34],"to":[35,49,92],"$\\approx":[36],"1^\\circ$":[37],"angular":[38],"drift":[39],"the":[41,107],"embedding":[42],"sphere)":[43],"reduce":[44],"classifier":[45],"performance":[46],"from":[47],"$85\\%$":[48],"$50\\%$":[50],"ROC-AUC.":[51],"Critically,":[52],"mean":[53],"confidence":[54],"only":[55],"drops":[56],"$14\\%$,":[57],"producing":[58],"dangerous":[59],"silent":[60],"failures":[61],"where":[62],"$72\\%$":[63],"misclassifications":[65],"occur":[66],"high":[68],"confidence,":[69],"defeating":[70],"standard":[71],"monitoring.":[72],"further":[74],"show":[75],"that":[76,109],"instruction-tuned":[77],"exhibit":[79],"20$\\%$":[80],"worse":[81],"class":[82],"separability":[83],"than":[84],"base":[85],"models,":[86],"making":[87],"aligned":[88],"systems":[89],"paradoxically":[90],"harder":[91],"safeguard.":[93],"Our":[94],"findings":[95],"expose":[96],"a":[97],"fundamental":[98],"fragility":[99],"in":[100],"production":[101],"AI":[102],"architectures":[104],"challenge":[106],"mechanisms":[111],"transfer":[112],"versions.":[115]},"counts_by_year":[],"updated_date":"2026-03-04T07:09:34.246503","created_date":"2026-03-04T00:00:00"}